{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Citrix Application Delivery Controller (ADC) ist eine Lösung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix NetScaler ist eine integrierte Lösung für die Beschleunigung, das Traffic Management und die Sicherheit von Web-Applikationen. Citrix Access Gateway ist ein universell einsetzbares SSL-VPN. Advanced Access Control (AAC) ermöglichen es Administratoren, Zugriffsregeln für das Access Gateway festzulegen.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter anonymer Angreifer oder ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems NetScaler Gateway ausnutzen, um beliebigen Code auszuführen, erweiterte Privilegien zu erlangen, einen Denial-of-Service-Zustand zu erzeugen oder andere, nicht näher definierte Angriffe durchzuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Appliance\n- Sonstiges", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2025-1910 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1910.json" }, { "category" : "self", "summary" : "WID-SEC-2025-1910 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1910" }, { "category" : "external", "summary" : "Citrix Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 vom 2025-08-26", "url" : "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938" }, { "category" : "external", "summary" : "Europa CERT Advisory 2025-033 vom 2025-08-26", "url" : "https://cert.europa.eu/publications/security-advisories/2025-033/" }, { "category" : "external", "summary" : "CISA Known Exploited Vulnerabilities Catalog vom 2025-08-26", "url" : "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "source_lang" : "en-US", "title" : "Citrix Systems ADC und NetScaler Gateway: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2025-08-27T22:00:00.000+00:00", "generator" : { "date" : "2025-08-28T05:52:04.476+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.4.0" } }, "id" : "WID-SEC-W-2025-1910", "initial_release_date" : "2025-08-26T22:00:00.000+00:00", "revision_history" : [ { "date" : "2025-08-26T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2025-08-27T22:00:00.000+00:00", "number" : "2", "summary" : "Referenz(en) aufgenommen: EUVD-2025-25901" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<14.1-47.48", "product" : { "name" : "Citrix Systems ADC <14.1-47.48", "product_id" : "T046504" } }, { "category" : "product_version", "name" : "14.1-47.48", "product" : { "name" : "Citrix Systems ADC 14.1-47.48", "product_id" : "T046504-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:citrix:application_delivery_controller_firmware:14.1-47.48" } } }, { "category" : "product_version_range", "name" : "<13.1-59.22", "product" : { "name" : "Citrix Systems ADC <13.1-59.22", "product_id" : "T046506" } }, { "category" : "product_version", "name" : "13.1-59.22", "product" : { "name" : "Citrix Systems ADC 13.1-59.22", "product_id" : "T046506-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:citrix:application_delivery_controller_firmware:13.1-59.22" } } }, { "category" : "product_version_range", "name" : "13.1-FIPS <13.1-37.241", "product" : { "name" : "Citrix Systems ADC 13.1-FIPS <13.1-37.241", "product_id" : "T046508" } }, { "category" : "product_version", "name" : "13.1-FIPS 13.1-37.241", "product" : { "name" : "Citrix Systems ADC 13.1-FIPS 13.1-37.241", "product_id" : "T046508-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:citrix:application_delivery_controller_firmware:13.1-fips__13.1-37.241" } } }, { "category" : "product_version_range", "name" : "13.1-NDcPP <13.1-37.241", "product" : { "name" : "Citrix Systems ADC 13.1-NDcPP <13.1-37.241", "product_id" : "T046509" } }, { "category" : "product_version", "name" : "13.1-NDcPP 13.1-37.241", "product" : { "name" : "Citrix Systems ADC 13.1-NDcPP 13.1-37.241", "product_id" : "T046509-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:citrix:application_delivery_controller_firmware:13.1-ndcpp__13.1-37.241" } } }, { "category" : "product_version_range", "name" : "12.1-FIPS <12.1-55.330", "product" : { "name" : "Citrix Systems ADC 12.1-FIPS <12.1-55.330", "product_id" : "T046510" } }, { "category" : "product_version", "name" : "12.1-FIPS 12.1-55.330", "product" : { "name" : "Citrix Systems ADC 12.1-FIPS 12.1-55.330", "product_id" : "T046510-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:citrix:application_delivery_controller_firmware:12.1-fips__12.1-55.330" } } }, { "category" : "product_version_range", "name" : "12.1-NDcPP <12.1-55.330", "product" : { "name" : "Citrix Systems ADC 12.1-NDcPP <12.1-55.330", "product_id" : "T046511" } }, { "category" : "product_version", "name" : "12.1-NDcPP 12.1-55.330", "product" : { "name" : "Citrix Systems ADC 12.1-NDcPP 12.1-55.330", "product_id" : "T046511-fixed", "product_identification_helper" : { "cpe" : "cpe:/o:citrix:application_delivery_controller_firmware:12.1-ndcpp__12.1-55.330" } } } ], "category" : "product_name", "name" : "ADC" }, { "branches" : [ { "category" : "product_version_range", "name" : "Gateway <14.1-47.48", "product" : { "name" : "Citrix Systems NetScaler Gateway <14.1-47.48", "product_id" : "T046513" } }, { "category" : "product_version", "name" : "Gateway 14.1-47.48", "product" : { "name" : "Citrix Systems NetScaler Gateway 14.1-47.48", "product_id" : "T046513-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:citrix:netscaler:gateway__14.1-47.48" } } }, { "category" : "product_version_range", "name" : "Gateway <13.1-59.22", "product" : { "name" : "Citrix Systems NetScaler Gateway <13.1-59.22", "product_id" : "T046514" } }, { "category" : "product_version", "name" : "Gateway 13.1-59.22", "product" : { "name" : "Citrix Systems NetScaler Gateway 13.1-59.22", "product_id" : "T046514-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:citrix:netscaler:gateway__13.1-59.22" } } } ], "category" : "product_name", "name" : "NetScaler" } ], "category" : "vendor", "name" : "Citrix Systems" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-7775", "product_status" : { "known_affected" : [ "T046514", "T046504", "T046513", "T046508", "T046506", "T046509", "T046510", "T046511" ] }, "release_date" : "2025-08-26T22:00:00.000+00:00", "title" : "CVE-2025-7775" }, { "cve" : "CVE-2025-7776", "product_status" : { "known_affected" : [ "T046514", "T046504", "T046513", "T046508", "T046506", "T046509", "T046510", "T046511" ] }, "release_date" : "2025-08-26T22:00:00.000+00:00", "title" : "CVE-2025-7776" }, { "cve" : "CVE-2025-8424", "product_status" : { "known_affected" : [ "T046514", "T046504", "T046513", "T046508", "T046506", "T046509", "T046510", "T046511" ] }, "release_date" : "2025-08-26T22:00:00.000+00:00", "title" : "CVE-2025-8424" } ] }